I'm trying to generate a one-click login URL for WHM.
The code below was one based on a cPanel login (which I was going to change for WHM), but it didn't work at all. Access denied errors.
Here's what I tried:
$whmusername = 'root';
$whmpassword = 'password';
$hostname = 'server.example.com';
$cpanel_user = 'cpaneluser';
$query = "https://$hostname/json-api/create_user_session?api.version=1&user=$cpanel_user&service=cpaneld";
$curl = curl_init(); // Create Curl Object.
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); // Allow self-signed certificates...
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); // and certificates that don't match the hostname.
curl_setopt($curl, CURLOPT_HEADER, false); // Do not include header in output
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); // Return contents of transfer on curl_exec.
$header[0] = "Authorization: Basic " . base64_encode($whmusername.":".$whmpassword) . "\n\r";
curl_setopt($curl, CURLOPT_HTTPHEADER, $header); // Set the username and password.
curl_setopt($curl, CURLOPT_URL, $query); // Execute the query.
$result = curl_exec($curl);
if ($result == false) {
error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
}
$decoded_response = json_decode( $result, true );
$session_url = $decoded_response['data']['url'];
$cookie_jar = 'cookie.txt';
curl_setopt($curl, CURLOPT_HTTPHEADER, null); // Unset the authentication header.
curl_setopt($curl, CURLOPT_COOKIESESSION, true); // Initiate a new cookie session.
curl_setopt($curl, CURLOPT_COOKIEJAR, $cookie_jar); // Set the cookie jar.
curl_setopt($curl, CURLOPT_COOKIEFILE, $cookie_jar); // Set the cookie file.
curl_setopt($curl, CURLOPT_URL, $session_url); // Set the query url to the session login url.
$result = curl_exec($curl); // Execute the session login call.
if ($result == false) {
error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
// Log an error if curl_exec fails.
}
$session_url = preg_replace( '{/login(?:/)??.*}', '', $session_url );
$query = "$session_url/execute/Ftp/list_ftp";
curl_setopt($curl, CURLOPT_URL, $query); // Change the query url to use the UAPI call.
$result = curl_exec($curl); // Execute the UAPI call.
if ($result == false) {
error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
// log error if curl exec fails
}
curl_close($curl);
print $result;
I was able to do this by using this following code. This code was originally used in a WHM API example, but I reapplied it for this purpose.
$user = "root";
$token = "API Token";
$query = "https://server.example.com:2087/json-api/create_user_session?api.version=1&user=root&service=whostmgrd";
$curl = curl_init();
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
$header[0] = "Authorization: whm $user:$token";
curl_setopt($curl,CURLOPT_HTTPHEADER,$header);
curl_setopt($curl, CURLOPT_URL, $query);
$result = curl_exec($curl);
$http_status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if ($http_status != 200) {
echo "[!] Error: " . $http_status . " returned\n";
} else {
$json = json_decode($result, true);
$login_url = $json['data']['url'];
echo $login_url;
}
curl_close($curl);
Instead of using WHM user/password, use just the user and login with an API Token which can be created in WHM -> Manage API Tokens.
Then take the json data and output just the URL.